Opened 12 years ago

Closed 12 years ago

#18814 closed New feature (duplicate)

setting up view permission to user

Reported by: digambar Owned by: nobody
Component: contrib.auth Version: 1.3
Severity: Release blocker Keywords:
Cc: Triage Stage: Unreviewed
Has patch: no Needs documentation: no
Needs tests: no Patch needs improvement: no
Easy pickings: no UI/UX: no

Description

There is no "Can view profile" permission available for user.
When admin wants to create a new user which will only view profile
when you set the "Can view profile" permission.
That user should not add & edit profile. It only can view the profile.

Change History (2)

comment:1 by digambar, 12 years ago

Type: UncategorizedNew feature
Version: 1.41.3

comment:2 by Russell Keith-Magee, 12 years ago

Resolution: duplicate
Status: newclosed

Marking as a duplicate of #820 and #7150.

Repeating something that I've said on the mailing list in the past: Django
1.2 added two features that lead me to believe that the time may have
come to revisit the earlier decisions to avoid view permissions.

Firstly, we added readonly fields. Ultimately, a readonly view is just
a view where all the fields are readonly; to me, it seems like a small
jump from "specifying an admin with N readonly fields" to "specifying
an admin that is all readonly fields".

Secondly, we added a framework for per-object permissions. Although
the API is in place for this, I'm not convinced that the consequences
of this change have been fully reflected in the admin. After all, it's
now possible to have a list of objects, but only have access to edit
some of those objects - but that doesn't mean you can't *see* the
remaining object - especially in the context of foreign key relations.

So -- I'm at least willing to entertain the discussion about adding
this as a first-class feature of the admin. If this is a feature that
you are enthused by, then put together a full proposal describing
exactly what you would like to add (possibly with a prototype patch),
and we can have the discussion over whether we should add this feature
to trunk -- or whether, like with per-object permissions, we just need
to expose an better API to make it easier to add view permissions as
an end-user.

Note: See TracTickets for help on using tickets.
Back to Top